Looking at the Processes Behind Business Continuity - Part 1
By Ken Socko, Enterprise Service Continuity Architect, NetApp IT
In a recent brown bag lunch at NetApp IT, we talked about the challenges IT faces in protecting our services and data in the event of a disaster. What can we do to maintain critical business operations while bringing back capabilities as quickly as possible? In a two-part blog, we discuss NetApp’s approach to business continuity and disaster recovery. Part one will focus on the process; part two will focus on the technology.
Like most large companies, NetApp has evaluated different ways to approach this highly complex issue. Our framework relies on a service-based approach where an ecosystem of applications make up a service and a service directly supports a business capability. By focusing at the service level, we can ensure that all the applications needed for a business capability to operate are up and running at the same time and at the appropriate level. Our continuity framework covers both operational resiliency and disaster recovery with six steps to manage our business risk.
The process starts with the business. Business functions create a model of what they do (business capabilities) and how they do it (business processes) using capability/process maps. A business impact analysis is then performed to determine a capability’s criticality and continuity requirements. This serves as the kick-off point for business continuity compliance.
IT Service Management (ITSM) creates a corresponding service and associates it with its required applications in our configuration management database (CMDB) for tracking, analysis, and reporting. From here, we can leverage historical performance and monitoring to determine our current service level (i.e. the baseline).
Combining business and CMDB information to create application recovery plans is a key step of the process. These step-by-step procedure documents are incorporated into service recovery plans that take into account the order of recovery for these ecosystems of applications that are required to deliver the functionality to the business unit.
We validate the accuracy of each application’s recovery plan associated with a service’s ecosystem. If all the application tests take an accumulated 48 hours to recover, that becomes our service’s baseline recovery time. When there is a disaster, this approach tells us which applications to recover first, in which order and the expected total recovery time.
From there, the baseline service levels and validated recovery objectives are compared against the continuity requirements via the service continuity assessment. Any gaps are evaluated for short-term mitigation.
Gaps that remain will be identified as risks to the business and evaluated using the capability continuity analysis. We look at the gaps and then analyze the technologies and costs involved. Our clients and business unit executives want to know what the gaps are and the costs to address them. This information helps them make educated decisions about how to mitigate their risk. It also allows IT to put the business owners in charge of risk management. They can accept the risk or fund fixing it. IT then secures the funding to address its biggest problems up front.
Business continuity requires a structured approach for success. NetApp IT takes a simple step-by-step approach: Define the business capabilities and their criticality, map the processes and applications, maintain/evaluate recovery plans and assess the risks. Because this process is repeatable, measurable, and reportable, it delivers transparency to the business owner and facilitates investment decisions that provide the best value, given the data behind it.
Watch for part 2 of this blog in which we explore how NetApp uses its own technology to support its business continuity/disaster recovery process.
Do you have a business continuity plan in the case of a disaster? What issues keep you up at night? Have you had to test your recovery plans and what did you learn? Share your thoughts by posting a comment below.
The NetApp-on-NetApp blog series features advice from subject matter experts from NetApp IT who share their real-world experiences using NetApp’s industry-leading storage solutions to support business goals. Want to view learn more about the program? Visit www.NetAppIT.com.